Amrit Poojari


Thane

Summary

Seasoned Information Security Professional with over a decade of expertise in Cybersecurity, spanning Banking & Finance, Healthcare, and Consumer Products. Adept at Risk Assessment, Security Policy Implementation, Secure Architecture Design & Review, and Threat Modeling for cloud and on-premises deployments.

Possesses hands-on experience in Penetration Testing for applications and networks, coupled with strong project management skills in delivering Enterprise Vulnerability Assessment and Penetration Testing (VAPT) solutions.

Successfully operationalized security frameworks to enhance organizational security posture.

Strategic cybersecurity advisor, guiding security initiatives across diverse use cases and domains. Experienced in team building and managing cutting-edge security solutions, including IBM AppScan, Checkmarx, Blackduck, Acunetix, Qualys (EDR, WAF, WAS), and other Vulnerability Management (VM) solutions.

Recipient of multiple awards and recognitions for cybersecurity excellence. Well-versed in OWASP, SANS methodologies, and holds industry-recognized certifications, including GIAC (GDSA), OSCP, Microsoft Azure Cloud Security, ECSA, CEH, WAF, and Secure Coding.

Overview

11 years of professional experience
7 certifications

Work History

Lead Security Engineer

Mastercard
06.2022 - Current
  • Overseeing Product Security for a globally deployed payment application, including Wallet, P2P transactions, BNPL, and other financial services.
  • Driving Security by Design initiatives, collaborating with developers to embed security best practices into application development, strengthening the overall security posture of critical payment products.
  • Conducting Threat Modeling to proactively identify vulnerabilities, mitigate risks, and integrate security controls across all phases of the Software Development Life Cycle (SDLC).
  • Actively engaging in application architecture reviews, ensuring secure design principles are applied from inception to deployment.

Key Achievements & Deliverables

  • Developed and deployed new security features for a global payment wallet application, enhancing protection against emerging cyber threats.
  • Led security oversight for Wallet Payment, Tokenization, and Issuer-Acquirer Merchant integrations, safeguarding financial transactions at scale.
  • Fixed security issues from Blackduck and Checkmarx and helped the team plan and mitigate issues from various application security testing.
  • Conducted security assessments for regulatory applications across multiple regions, particularly in Card Dispute Resolution, ensuring compliance and risk mitigation.
  • Recommended security system improvements, conducting risk analyses to define effective security countermeasures.
  • Improved enterprise-wide security standards and procedures, aligning security strategies with business objectives.
  • Authored detailed security and vulnerability reports, analyzing attack vectors and providing actionable remediation plans.
  • Delivered security awareness training, strengthening employee resilience against phishing, ransomware, and other cyber threats.
  • Contributed to daily security operations, collaborating across teams to maintain and enhance the organization's security framework.

Senior Security Engineer

Mastercard
06.2021 - 06.2022
  • Managing BAU security process for 8 internal applications
  • Reviewing third-party SaaS solutions with respect to architecture, deployment, and security for over 10 products
  • Contributing to S-SDLC efforts for secure code design
  • Worked well in a team setting, providing support and guidance.
  • Demonstrated strong organizational and time management skills while managing multiple projects.

Technical Application Security Manager

Qualys
07.2020 - 06.2021
  • Led the Application Penetration Testing team, proactively identifying and mitigating vulnerabilities across Qualys products, networks, and endpoints, strengthening the overall security posture.
  • Implemented and operationalized a Web Application Firewall (WAF) across all product lines, significantly enhancing protection against web-based threats.
  • Drove continuous security improvement initiatives, integrating DevSecOps practices and advancing application security across development pipelines.
  • Personally identified and remediated critical vulnerabilities in Qualys products, preventing potential exploits and ensuring secure software releases.
  • Designed and operationalized a Bug Bounty program, incentivizing ethical hacking to enhance product security through responsible vulnerability disclosure.
  • Investigated security incidents, authored detailed forensic reports, and presented findings to executive leadership, driving informed decision-making.
  • Managed contract negotiations, budget planning, training programs, and performance reviews, ensuring efficient resource allocation and team development.
  • Led a team of three security professionals, fostering skill development and enhancing overall team effectiveness.
  • Evaluated security systems and procedures, recommending strategic improvements to strengthen organizational security.

Technical Manager Application

Axis Bank
04.2019 - 06.2020
  • Managed team of penetration testers responsible for testing Bank's critical infrastructure
  • Finding critical bugs in production applications as part of the Advanced PT activity
  • Conducting application security assessment activities for Web Applications, including Web services, and actively participating in closure of security issues
  • Conducting application security assessment activities for Mobile applications, including Android & iOS, and actively participating in closure of security issues
  • Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks
  • Established policies, SOPs and security standards in accordance with federal regulations
  • Evaluation & Implementation of security solutions for enhancing the security posture of the organization
  • Implement & design policies for web application firewall (Akamai & Imperva)

Key Project Deliveries

  • Achieved WAF blocking for external-facing banking applications for Axis Bank
  • Implemented Anti Malware security solutions for 8 Axis mobile applications
  • Successfully ran Red team / Blue team exercises as BAU
  • Achieved 100% testing in calendar activities for source code review and penetration testing YoY
  • Achieved around 70% automation in application security stack by implementing tools like Acunetix, Checkmarx (SAST & IAST), Appknox
  • Performed security architecture review on 30 large enterprise applications
  • Liaised between business and technology units to manage delivery schedules for applications.
  • Gathered requirements and maintained communication between project teams, internal clients and external stakeholders.
  • Communicated project status and change management metrics to upper management
  • Analyzed company processes to determine outsourcing feasibility.
  • Increased employee productivity by 60% through training and mentorship.
  • Prepared status charts for weekly management meetings and shared updates on upcoming work

Deputy Technical Manager

Axis Bank
11.2016 - 03.2019
  • Developed suggestions for technical process improvements to optimize resources.
  • Managed implementation of new technological solutions resulting in increased efficiency.
  • Recruited and trained IT security team members.
  • Performed Application security testing for Web, Mobile and APIs

Sr. Security Engineer

CitiusTech
05.2016 - 11.2016
  • Responsible for carrying out Application security testing for a major US client in the aviation industry
  • Policy review of the security tools implemented as well as hardening of OS for ECG machine
  • Worked effectively in fast-paced environments.

Team Lead & Sr. Security Analyst

Paladion Networks
03.2015 - 05.2016

Leading a group of Security professionals for a Top Financial institute in India

  • Worked on managing client queries, planning and strategizing security activities & risk mitigation with clients and regular meetings and discussions
  • Reviewing team members' assessments for all VAPT activities
  • Strategizing & scheduling overall scope of Vulnerability Management assignments
  • Recommend improvements in security systems and procedures.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Conducted security audits to identify vulnerabilities.
  • Leading PCI Audits, Application security, APT, ASV Scans
  • Monthly discussion with client's application owners and presentation on the findings and the recommendations to Business Heads/Application Owners
  • Tracking application vulnerabilities on the client environment and giving timely suggestions and mitigation controls for vulnerability closure
  • Suggesting new Tools & Technologies to Clients, conducting POCs for tools and sharing Comparison reports.

Analyst

Paladion Networks
01.2014 - 04.2015
  • Projects include short-term and long-term assignments for various Banking and Financial sectors; conducted Web Application testing for various Banking applications
  • Projects include Security Configuration Audits and Hardening of Servers, Databases and Network devices
  • Projects include Black box penetration testing of Servers, Databases and Network devices, both using tools and manually
  • Conducted 80+ Web application tests.
  • Performed audits of subsidiaries to protect shareholders and potential investors from fraudulent or unrepresentative financial claims.

Education

Bachelor of Engineering - Information Technology

Siddhant College of Engineering, Pune
03-2013

High School Diploma -

K. J. Somaiya Institute of Technology, Mumbai
2008

Skills

  • Application & Infrastructure Security
  • Secure Design & Architecture Review
  • Vulnerability Assessment
  • Penetration testing
  • Cloud security
  • Red Team Operations
  • Security Solutions Operations
  • Team Building & Project Management
  • Intrusion Detection and Prevention

Certification

GIAC [GDSA] Defensible Security Architecture

OSCP - Offensive Security

Microsoft Azure Cloud Security

CPISI

Akamai-Kona Site Defender

Qualys Certified Specialist

ECSA

CEH


Languages

English
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
Marathi
Bilingual or Proficient (C2)
Kannada
Intermediate (B1)

Interests

Travelling

Motorcycles

Learning About New Technology

Timeline

Lead Security Engineer - Mastercard
06.2022 - Current
Senior Security Engineer - Mastercard
06.2021 - 06.2022
Technical Application Security Manager - Qualys
07.2020 - 06.2021
Technical Manager Application - Axis Bank
04.2019 - 06.2020
Deputy Technical Manager - Axis Bank
11.2016 - 03.2019
Sr. Security Engineer - CitiusTech
05.2016 - 11.2016
Team Lead & Sr. Security Analyst - Paladion Networks
03.2015 - 05.2016
Analyst - Paladion Networks
01.2014 - 04.2015
Siddhant College of Engineering - Bachelor of Engineering, Information Technology
K. J. Somaiya Institute of Technology - High School Diploma,